Back to all zero days
Multiple Cross Site Scripting (XSS) in Openfire Product
Ignite Realtime Openfire
5th Feb, 2020
Proof of concept: (POC)
The following vulnerability was tested on Openfire version 4.5.0 Product.
Issue 01: Stored cross-site scripting
Figure 01: Import CA Certificate page with malicious payload “> in alias parameter